HIPAA Privacy Rule Positive Changes Affecting Hospitals’ Implementation of the Rule.

Slides:



Advertisements
Similar presentations
Fourth National HIPAA Summit April 26, 2002 Implementation of a HIPAA Data Management Strategy Safeguarding privacy interests while making data available.
Advertisements

SIMPLIFYING PRIVACY: HIPAA PRIVACY STANDARDS AND RESEARCH Angela M. Vieira General Counsel Childrens Hospital and Health Center June 5, 2004.
HIPAA Privacy Practices. Notice A copy of the current DMH Notice must be posted at each service site where persons seeking DMH services will be able to.
“Reaching across Arizona to provide comprehensive quality health care for those in need” Our first care is your health care Arizona Health Care Cost Containment.
Presented by Elena Chan, UCSF Pharm.D. Candidate Tiffany Jew, USC Pharm.D. Candidate March 14, 2007 P HARMACEUTICAL C ONSULTANTS, I NC. P RO P HARMA HIPAA.
HIPAA Basics Brian Fleetham Dickinson Wright PLLC.
HIPAA: Privacy, Security, and HITECH, Oh My! Presented by Stephanie L. Ganucheau, Special Assistant Attorney General.
HIPAA and Public Health 2007 Epi Rapid Response Team Conference.
HIPAA Privacy Rule Training
HIPAA – Privacy Rule and Research USCRF Research Educational Series March 19, 2003.
HIPAA PRIVACY REQUIREMENTS Dana L. Thrasher Constangy, Brooks & Smith, LLC (205) ; Victoria Nemerson.
1 HIPAA and Research and YOU. 2 INTRODUCTION Rule #1:Don’t Panic Rule #2:Bottom Line for Researchers: HIPAA is Manageable thru Education/Awareness and.
Key Changes to HIPAA from the Stimulus Bill (ARRA) Children’s Health System Department Leadership Meeting October 28, 2009 Kathleen Street Privacy Officer/Risk.
NAU HIPAA Awareness Training
TM The HIPAA Privacy Rule: Safeguarding Health Information in Research and Public Health Practice Centers for Disease Control and Prevention Beverly A.
HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)
Jill Moore April 2013 HIPAA Update: New Rules, New Challenges.
Are you ready for HIPPO??? Welcome to HIPAA
Health Insurance Portability Accountability Act of 1996 HIPAA for Researchers: IRB Related Issues HSC USC IRB.
HIPAA Compliance Strategies for Employers, METs, MEWAs and Taft Hartley Union Trust Funds The HIPAA Colloquium at Harvard University Presented by: Melissa.
© Copyright 2014 Saul Ewing LLP The Coalition for Academic Scientific Computation HIPAA Legal Framework and Breach Analysis Presented by: Bruce D. Armon,
Version 6.0 Approved by HIPAA Implementation Team April 14, HIPAA Learning Module The following is an educational Powerpoint presentation on the.
FAMILY EDUCATIONAL RIGHTS AND PRIVACY ACT Electronic Signatures This work is the intellectual property of the author. Permission is granted for this material.
Health Insurance Portability and Accountability Act (HIPAA)
Notice of Privacy Practices Nebraska SNIP Privacy Subgroup July 18, 2002 Michael J. Brown, MHA, CPA Vice-President, Administrative & Regulatory Affairs,
HIPAA PRIVACY AND SECURITY AWARENESS.
California :: Delaware :: Florida :: New Jersey :: New York :: Pennsylvania :: Virginia :: Washington, D.C. :: 1 NEW OBLIGATIONS.
HIPAA and HITECH The Latest Developments Presented By: Michele Madison Partner, Healthcare Practice Morris, Manning & Martin, LLP
HIPAA The Privacy Rule Health Insurance Portability and Accountability Act of 1996 (HIPAA) The 104 th Congress passed the Act, Public Law ,
PricewaterhouseCoopers Transaction Compliance Date Extension & Privacy Standards NPRM Audioconference April 19, 2002 HIPAA Administrative Simplification.
1 HIPAA OVERVIEW ETSU. 2 What is HIPAA? Health Insurance Portability and Accountability Act.
Compliance and Enforcement of the Privacy Rule. HHS/OCR February/March Compliance Date  April 14, 2003 – Compliance for all but small health plans.
Computerized Networking of HIV Providers Workshop Data Security, Privacy and HIPAA: Focus on Privacy Joy L. Pritts, J.D. Assistant Research Professor Health.
HIPAA – How Will the Regulations Impact Research?.
HIPAA’s Medical Privacy Standards: The Long and Really Winding Road Michael D. Bell, Esq. Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C. Washington,
HIPAA Michigan Cancer Registrars Association 2005 Annual Educational Conference Sandy Routhier.
HIPAAand Disaster Situations By LYNDA M. JOHNSON Friday, Eldredge & Clark.
Office of the Secretary Office for Civil Rights (OCR) The HITECH NPRM: Overview of Research Comments October 19, 2010 Christina Heide, JD HHS Office for.
© 2009 The McGraw-Hill Companies, Inc. All rights reserved. 1 McGraw-Hill Chapter 2 The HIPAA Privacy Standards HIPAA for Allied Health Careers.
Medical Law and Ethics, Third Edition Bonnie F. Fremgen Copyright ©2009 by Pearson Education, Inc. Upper Saddle River, New Jersey All rights reserved.
Speak HIPAA Like a Native A Guide to Common HIPAA Nomenclature University of Miami Ethics Programs.
HIPAA SURVIVAL SKILLS: An Update University of Miami1 Marisabel Davalos, M.S.Ed., CIP Associate Director of Educational Initiatives November, 2008.
Health Insurance Portability and Accountability Act (HIPAA) CCAC.
Advanced Issues in Privacy: Drafting and Negotiating Business Associate Contracts Thomas E. Jeffry, Jr. Partner Davis Wright Tremaine LLP Los Angeles,
Health Insurance Portability and Accountability Act of 1996 HIPAA Privacy Training for County Employees.
Understanding HIPAA (Health Insurandce Portability and Accountability Act)
PricewaterhouseCoopers 1 Administrative Simplification: Privacy Audioconference April 14, 2003 William R. Braithwaite, MD, PhD “Doctor HIPAA” HIPAA Today.
FleetBoston Financial HIPAA Privacy Compliance Agnes Bundy Scanlan Managing Director and Chief Privacy Officer FleetBoston Financial.
1 Changes to Privacy Regulations under ARRA May 4, 2009 Melissa Goldstein, J.D. The George Washington University School of Public Health and Health Services.
© Washington, DC & Boston & London, UK Alan S. Goldberg © Copyright 2002 Alan S. Goldberg All Rights Reserved.
Finally, the Final HIPAA/HITECH Regulations are Here! By LYNDA M. JOHNSON Friday, Eldredge & Clark.
HIPAA Overview Why do we need a federal rule on privacy? Privacy is a fundamental right Privacy can be defined as the ability of the individual to determine.
PwC Issues in HIPAA Research Compliance William R. Braithwaite, MD, PhD “Dr. HIPAA” HIPAA Summit 6 Washington, DC 27 March 2003.
Final PRIVACY RULE Presentation by Richard Campanelli, Director OCR/HHS at 5 th National HIPAA Summit Washington, D.C. October 31, 2002.
 Health Insurance and Accountability Act Cornelius Villalon Jr.
COMMUNITY-WIDE HEALTH INFORMATION EXCHANGE: HIPAA PRIVACY AND SECURITY ISSUES Ninth National HIPAA Summit September 14, 2004 Prepared by: Robert Belfort,
Disclaimer This presentation is intended only for use by Tulane University faculty, staff, and students. No copy or use of this presentation should occur.
Final HIPAA Privacy Rule: The Research Provisions Julie Kaneshiro DHHS Office for Human Research Protections Phone: Fax:
HIPAA Privacy Rule Positive Changes Affecting Hospitals’ Implementation of the Rule Melinda Hatton -- Oct. 31, 2002.
Main Line Hospitals Institutional Review Board HIPAA Policy Changes 2013 Anne Marie Hobson, BSN, JD, ORA Director.
HIPAA Training Workshop #3 Individual Rights Kaye L. Rankin Rankin Healthcare Consultants, Inc.
HIPAA Privacy Rule Training
HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA)
The HIPAA Privacy Rule: Implications for Medical Research
HIPAA Administrative Simplification
HIPPA/HITECH Act Requirements Under the Business Associate Agreement Between CNI and Military Health Services.
Disability Services Agencies Briefing On HIPAA
National Congress on Health Care Compliance
Compliance and Enforcement of the Privacy Rule
Analysis of Final HIPAA Privacy Modification Rule
Presentation transcript:

HIPAA Privacy Rule Positive Changes Affecting Hospitals’ Implementation of the Rule

The purpose... is to maintain strong protections for the privacy of individually identifiable health information while clarifying certain of the Privacy Rule’s provisions, addressing the unintended negative effects of the Privacy Rule on health care quality or access to health care, and relieving unintended administrative burdens created by the Privacy Rule. Final Rule, August 14, 2002 The Final Rule: Changes

Written acknowledgment replaces written consent Disclosure allowed for other covered entities’ treatment, payment and some health care operations Incidental disclosures are not privacy rule violations Authorized disclosures exempt from accounting requirement The Final Rule: Positive Changes for Hospitals

Creation of limited data set and clarification of de-identification safe harbor Business associate compliance delayed for up to one year for certain existing contracts The Final Rule: Positive Changes for Hospitals (cont.)

“The notice acknowledgment process is intended to alert individuals to the importance of the notice and provide them the opportunity to discuss privacy issues with their providers.” Flexibility in designing the process Good faith effort required (HHS’s promise re “good faith”: future guidance through FAQs or other materials in response to specific scenarios raised by field) Not required in emergency situations Option to get consent remains and providers have “complete discretion in designing the consent process” Written acknowledgment replaces written consent

“The proposal would broaden the uses and disclosures that are permitted without authorization as part of treatment, payment, and health care operations so as not to interfere inappropriately with access to quality and effective health care, while limiting this expansion in order to continue to protect the privacy expectations of the individual.” PHI must pertain to the relationship Allowed where other covered entity’s relationship is past relationship Limits scope of health care operations of other covered entity for which PHI may be so used or disclosed Allows disclosures to or by a business associate Disclosures allowed for other covered entities’ treatment, payment and some health care operations

“The Privacy Rule must not impede essential health care communications and practices. Prohibiting all incidental uses and disclosures would have a chilling effect on normal and important communications among providers, and between providers and their patients, and, therefore, would negatively affect individuals’ access to quality health care.” Secondary use or disclosure that cannot reasonably be prevented, is limited in nature, and that occurs as a by- product of an otherwise permitted use or disclosure Any permissible use or disclosure made to any person Must still apply appropriate safeguards (§ (c)), and minimum necessary requirements (§§ (b), (d)) No need to include in accounting of disclosures Incidental disclosures are not privacy rule violations

“[A]ccounting for authorized disclosures d[oes] not serve to add to the individual’s knowledge about disclosures of protected health information.” Also exempt from minimum necessary requirements Authorized disclosures exempt from accounting requirement

“We have created the limited data set option because we believe that this mechanism provides a way to allow important research, public health and health care operations activities to continue in a manner consistent with the privacy protections of the Rule.” Limited data set of “facially de-identified” data (admission and discharge dates, service dates, date of death, date of birth, 5-digit zip codes) Requires “data use agreement” with recipient of data Re-identification codes or other means of record identification permitted by § (c) expressly excepted from the listed safe harbor identifiers Age now may be in months, days and hours Creation of limited data set and clarification of de-identification safe harbor

“The transition provisions are intended to address the concerns... that the two-year period between the effective date and compliance date... is insufficient to reopen and renegotiate all existing contracts... [to] bring[ ] them into compliance with the Rule. These provisions also provide covered entities with added flexibility to incorporate the business associate contract requirements at the time they would otherwise modify or renew the existing contract.” Must be a writing prior to effective date of modification Applies only to those not renewed (other than automatically) or modified between 10/14/02 and 4/14/04 New sample language provided Business associate compliance delayed for up to one year for certain existing contracts

Not relieved of the responsibilities : to make information held by a business associate available to the Secretary respecting individual’s rights (access, amend, accounting of disclosures Required to mitigate, to the extent practicable, any harmful effect known of a use or disclosure of protected health information by its business associate (§ (f)) Business associate compliance delayed for up to one year for certain existing contracts (cont.)

Fundraising restrictions remain unchanged Business associate agreement still required between two covered entities HHS declines to provide a business associate certification process Sample business associate language continues to include some optional provisions that hospitals may not want to include in their business associate agreements The Final Rule: Some Disappointments

No mitigation for covered entities’ liability and individual rights obligations with regard to their business associates during “deemed compliance” period HHS declines to exempt disclosures for public health and health oversight purposes from the accounting of disclosures requirement The Final Rule: Some Disappointments (cont.)

AHA urging phase-in of enforcement First 2 years after compliance date HHS to focus on education and technical assistance, not fines and penalties Congressional interest in phase-in approach Letter from Rep. Hobson (R-OH) to HHS Secretary Thompson dated July 15, 2002 Compliance = April 14, 2003

Currently proposed only HHS’s latest promise on publication: October 2002 No potential conflict between of privacy and security requirements (Preamble, Final Rule, August 14, 2002) Security Rule will apply only to electronic health information systems HHS, in preparing final Security Rule, is working to ensure it works “hand in glove” with Privacy Rule requirements A Word on the Security Rule

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.